From patchwork Mon Oct  6 14:34:17 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Riku Voipio <riku.voipio@linaro.org>
X-Patchwork-Id: 38370
Return-Path: <patchwork-forward+bncBC4MBBM76YMRBUGRZKQQKGQEYCVZWFI@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-ee0-f72.google.com (mail-ee0-f72.google.com [74.125.83.72])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 65700202E7
 for <linaro@patches.linaro.org>; Mon,  6 Oct 2014 14:36:02 +0000 (UTC)
Received: by mail-ee0-f72.google.com with SMTP id e51sf2963684eek.7
 for <linaro@patches.linaro.org>; Mon, 06 Oct 2014 07:36:01 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:date
 :message-id:in-reply-to:references:cc:subject:precedence:list-id
 :list-unsubscribe:list-archive:list-post:list-help:list-subscribe
 :errors-to:sender:x-original-sender
 :x-original-authentication-results:mailing-list;
 bh=M9r6/iqgo9QN0qRlhZ5gJzRow3KyQCP4laIOKG6cdOg=;
 b=h1aB2Mf9bSXW1h5D2IJJHI4J4qKkU+C1TJ8q1piFXfDzLgcMHhZld3pQOUdEfR9Yyy
 2yA0WWnZsyHxJAvqvm4foDL6sqbHTZuKNzcOiIbVN3Pk04rUwgu1aqKc9CYmSrRyWbEd
 9G92TQeV6ieTB2mQPfYbAXA63NJ7FrlVwKJIeXsfgHnQ3LGlcS6kj8x0mMd/sNYNLkWR
 hPBtkHxnDRrPkto5Z2bLJM80t2zIo1TD2/ohSUT20cA0ua6kOA5LxyW3bjZCfcvM2SFe
 CHyeK6QXwRz8ROeu3QklamL80HiyDs6ySUswA1qTM3xi5CYW63+LlcZGu+rSLm6M+sZX
 clIQ==
X-Gm-Message-State: ALoCoQnjjjMr2wYEMW4mbbokD71Wv9qeJEgVundAM5z9sy3apGSrzei1IJXUmgiqdqHxcaSQXOwr
X-Received: by 10.112.220.8 with SMTP id ps8mr825711lbc.5.1412606160938;
 Mon, 06 Oct 2014 07:36:00 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.152.27.74 with SMTP id r10ls596203lag.109.gmail; Mon, 06 Oct
 2014 07:36:00 -0700 (PDT)
X-Received: by 10.152.21.42 with SMTP id s10mr25847720lae.61.1412606160798; 
 Mon, 06 Oct 2014 07:36:00 -0700 (PDT)
Received: from mail-la0-f41.google.com (mail-la0-f41.google.com
 [209.85.215.41]) by mx.google.com with ESMTPS id
 d9si24126238laf.133.2014.10.06.07.36.00
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Mon, 06 Oct 2014 07:36:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.41 as permitted sender) client-ip=209.85.215.41; 
Received: by mail-la0-f41.google.com with SMTP id pn19so4558922lab.28
 for <patchwork-forward@linaro.org>;
 Mon, 06 Oct 2014 07:36:00 -0700 (PDT)
X-Received: by 10.112.130.226 with SMTP id oh2mr3281987lbb.100.1412606160669; 
 Mon, 06 Oct 2014 07:36:00 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.130.169 with SMTP id of9csp193693lbb;
 Mon, 6 Oct 2014 07:35:59 -0700 (PDT)
X-Received: by 10.140.101.139 with SMTP id u11mr28074822qge.0.1412606159315; 
 Mon, 06 Oct 2014 07:35:59 -0700 (PDT)
Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11])
 by mx.google.com with ESMTPS id
 g14si25562463qge.31.2014.10.06.07.35.58 for <patch@linaro.org>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Mon, 06 Oct 2014 07:35:59 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 2001:4830:134:3::11 as permitted sender)
 client-ip=2001:4830:134:3::11; 
Received: from localhost ([::1]:52232 helo=lists.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <qemu-devel-bounces+patch=linaro.org@nongnu.org>)
 id 1Xb9OI-0007iT-E3
 for patch@linaro.org; Mon, 06 Oct 2014 10:35:58 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:50895)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <riku.voipio@linaro.org>) id 1Xb9Mp-0006dq-Pn
 for qemu-devel@nongnu.org; Mon, 06 Oct 2014 10:34:32 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <riku.voipio@linaro.org>) id 1Xb9Mk-0006MH-Ur
 for qemu-devel@nongnu.org; Mon, 06 Oct 2014 10:34:27 -0400
Received: from [2001:4b98:dc0:45:216:3eff:fe3d:166f] (port=44187
 helo=afflict.kos.to) by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <riku.voipio@linaro.org>) id 1Xb9Mk-0006LP-Ar
 for qemu-devel@nongnu.org; Mon, 06 Oct 2014 10:34:22 -0400
Received: from afflict.kos.to (afflict [92.243.29.197])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (No client certificate requested)
 by afflict.kos.to (Postfix) with ESMTPSA id 74B6926512;
 Mon,  6 Oct 2014 16:34:20 +0200 (CEST)
From: riku.voipio@linaro.org
To: qemu-devel@nongnu.org
Date: Mon,  6 Oct 2014 17:34:17 +0300
Message-Id: <db510c161c3d9939c949511845774eb9851f7b18.1412604632.git.riku.voipio@linaro.org>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <cover.1412604631.git.riku.voipio@linaro.org>
References: <cover.1412604631.git.riku.voipio@linaro.org>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 2001:4b98:dc0:45:216:3eff:fe3d:166f
Cc: Alexander Graf <agraf@suse.de>
Subject: [Qemu-devel] [PULL 3/5] linux-user: Simplify timerid checks on
 g_posix_timers range
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: riku.voipio@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.41 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

From: Alexander Graf <agraf@suse.de>

We check whether the passed in timer id is negative on all calls
that involve g_posix_timers.

However, these checks are bogus. First off we limit the timer_id to
16 bits which is not what Linux does. Then we check whether it's negative
which it can't be because we masked it.

We can safely remove the masking. For the negativity check we can just
treat the timerid as unsigned and only check for upper boundaries.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
---
 linux-user/syscall.c | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index dcb9df9..7087a56 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9615,11 +9615,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
     {
         /* args: timer_t timerid, int flags, const struct itimerspec *new_value,
          * struct itimerspec * old_value */
-        arg1 &= 0xffff;
-        if (arg3 == 0 || arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        target_ulong timerid = arg1;
+
+        if (arg3 == 0 || timerid >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
-            timer_t htimer = g_posix_timers[arg1];
+            timer_t htimer = g_posix_timers[timerid];
             struct itimerspec hspec_new = {{0},}, hspec_old = {{0},};
 
             target_to_host_itimerspec(&hspec_new, arg3);
@@ -9635,13 +9636,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
     case TARGET_NR_timer_gettime:
     {
         /* args: timer_t timerid, struct itimerspec *curr_value */
-        arg1 &= 0xffff;
+        target_ulong timerid = arg1;
+
         if (!arg2) {
             return -TARGET_EFAULT;
-        } else if (arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        } else if (timerid >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
-            timer_t htimer = g_posix_timers[arg1];
+            timer_t htimer = g_posix_timers[timerid];
             struct itimerspec hspec;
             ret = get_errno(timer_gettime(htimer, &hspec));
 
@@ -9657,11 +9659,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
     case TARGET_NR_timer_getoverrun:
     {
         /* args: timer_t timerid */
-        arg1 &= 0xffff;
-        if (arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        target_ulong timerid = arg1;
+
+        if (timerid >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
-            timer_t htimer = g_posix_timers[arg1];
+            timer_t htimer = g_posix_timers[timerid];
             ret = get_errno(timer_getoverrun(htimer));
         }
         break;
@@ -9672,13 +9675,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
     case TARGET_NR_timer_delete:
     {
         /* args: timer_t timerid */
-        arg1 &= 0xffff;
-        if (arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        target_ulong timerid = arg1;
+
+        if (timerid >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
-            timer_t htimer = g_posix_timers[arg1];
+            timer_t htimer = g_posix_timers[timerid];
             ret = get_errno(timer_delete(htimer));
-            g_posix_timers[arg1] = 0;
+            g_posix_timers[timerid] = 0;
         }
         break;
     }